Added healing utilities to update the handle registry when a user profile is found at a new node domain. Enhanced upsertHandleEntries to accept a sourceDomain parameter, allowing authoritative updates from the owning node. Updated gossip logic to pass sender/target domains for proper trust handling during handle propagation. Integrated healing logic into chat key lookup to keep the registry accurate.
The GET /api/chat/keys endpoint now checks a remote identity cache and, if necessary, fetches keys from remote nodes or Swarm user profiles when a local key is not found. Results from remote lookups are cached for 24 hours to improve performance and reliability.
Adds the missing third argument (null) to sodium.crypto_generichash to ensure correct hashing behavior when generating the salt for storage key derivation.
Replaces legacy chat encryption modules with new sodium-based implementation. Adds and updates API routes for chat key management and debugging, introduces new hooks and scripts for sodium chat, and updates related database schema and configuration. Removes old crypto modules and updates dependencies accordingly.
The messages API now resolves and includes sender DIDs for received messages, enabling proper decryption in the chat UI. The chat page adds logic to decrypt self-encrypted messages for sent items and improves V2 envelope handling, while useChatEncryption now serializes ratchet state before storage.
Introduces a migration to add a sender_did column to the chat_messages table and creates new tables for chat_device_bundles, chat_inbox, and chat_one_time_keys. Updates related API routes and adds a script for sender DID migration. These changes support device-based messaging and improved chat security.
Introduces helper functions to encrypt and decrypt a copy of sent messages for the sender using AES-GCM with a key derived from the identity public key. Updates message sending to include a self-encrypted payload, and modifies message reading logic to allow the sender to decrypt their own messages on any device.
Messages sent to remote users are now stored locally for the sender, and incoming remote messages are stored for the recipient, ensuring both parties see their message history in the UI. The implementation creates or updates conversations as needed and marks messages as delivered when appropriate.
Introduces support for V2 encrypted chat envelopes in the swarm inbox route, allowing storage and processing of new message formats. Enhances error handling and logging in both chat send and encryption hooks, including detection of remote nodes that do not support the V2 protocol and providing clearer error messages for users and developers.
Adds robust session serialization/deserialization for ratchet state, session cleanup for corrupted data, and improved error handling in chat encryption hooks. Enhances chat delivery to support both local and remote recipients, ensures conversation creation, and adds timeouts to key fetches. Also introduces utilities for deleting and clearing encrypted session data from storage.
Introduced a 'signature' field with a placeholder value ('signed-by-did-envelope') in the bundle payload to satisfy expected structure and prevent potential issues with undefined values. Added detailed comments explaining the reasoning and context for this change, particularly regarding the signing of the signedPreKey and the use of the DID key.
Refactors the chat key fetch API to support fallback lookups using user handle and did:web aliasing, improving reliability when primary lookups fail. Updates useChatEncryption to detect and repair 'Zombie State' where local keys exist but are missing on the server, ensuring keys are republished as needed. Modifies sendMessage to pass recipient handle and bind sessions to the correct DID, supporting aliasing scenarios.
Introduces an API route to proxy remote key bundle fetches, improving CORS handling for secure chat. Updates chat UI to handle error states and retries, enhances key/identity synchronization, and refactors message sending to support remote node domains. Also adds CORS preflight support to the .well-known chat route and improves in-memory key store management.
Introduces a 'did' field to SwarmUserProfile and related API routes to support decentralized identifiers. Refactors login flow to use soft navigation and synchronize AuthContext state, including new 'login' and enhanced 'unlockIdentity' methods for better user state management.
Major update to chat page with new conversation list, message thread view, and support for V2 end-to-end encrypted messaging using DIDs. Adds chat lock state, message sending, conversation deletion, and improved polling. Updates user API and types to include DID and chatPublicKey. Fixes race conditions in feed loading, adds message button to user profile, and improves crypto and identity hooks for better locked/unlocked state detection.
Introduces encrypted private key storage for nodes and users, updates chat message schema to support sender-side encryption, and adds supporting libraries and tests for cryptographic signing and identity unlock flows. Includes new database migrations, API route updates, and React components for identity unlock prompts.
Adds logic to notify remote nodes when a chat conversation is deleted, and introduces a new API endpoint to receive and process deletion requests from other swarm nodes. Ensures that only authorized participants can trigger deletions and handles both local and remote user scenarios.
The DELETE API route now expects params as a Promise and awaits it to extract the conversation id. All references to params.id have been updated to use the resolved id variable.
Introduces an API route for deleting chat conversations, supporting deletion for self or both parties. Updates the chat page UI to allow users to delete conversations with confirmation modal and handles state updates after deletion.
Renamed 'Latest' feed to 'Following' across the home and profile pages for clarity, and updated related UI text. Improved chat experience by adding a scroll-to-bottom button, tracking scroll position, and only auto-scrolling when the user is at the bottom. Updated default node description to 'A swarm social network node.' in multiple locations.
All user and post profile URLs have been updated from /[handle] to /u/[handle] for consistency. Added a redirect page for /posts/[id] to the canonical /u/[handle]/posts/[id] route. Deprecated and removed legacy scripts and documentation related to chat and federation endpoints. Push-based federation endpoints are now disabled in favor of real-time pull-based federation.
Introduces a new chat page with end-to-end encryption, conversation list, and message thread UI. Adds new API endpoints for unread message count and debugging chat keys/messages. Improves chat key validation and reciprocal conversation/message creation for local recipients. Removes the old ChatWidget component. Updates login and chat API logic for better Turnstile and key handling.
Adds detailed logging for registration attempts (excluding passwords) and Turnstile verification failures. Enhances error handling by distinguishing between validation, business logic, and server errors, returning appropriate HTTP status codes.
- Implement remote user detection based on @domain format in recipient handle
- Add HTTP/HTTPS protocol selection logic for localhost vs production domains
- Fetch remote user public keys from their node's /api/users endpoint
- Maintain local user key lookup for non-remote recipients
- Add error handling and debug logging for remote key fetch failures
- Enable end-to-end encryption support for federated chat across nodes
- Add recipient public key fetching in messages API endpoint for sent message decryption
- Include `isE2E` flag in message response to indicate end-to-end encryption status
- Simplify encrypted content handling by always returning `encryptedContent` field
- Add comprehensive debug logging throughout message loading pipeline for troubleshooting
- Improve key resolution logic to fetch recipient keys when not available in conversation data
- Add detailed logging for each message processing step including key availability and decryption status
- Enhance error handling with more descriptive error messages in key fetching operations
- Better distinguish between sent and received message decryption requirements with clear comments
- Add fallback logic to fetch recipient's public key if not already cached
- Distinguish between E2E encrypted messages (with senderPublicKey) and legacy RSA messages
- Return appropriate error messages for legacy encrypted messages and missing decryption keys
- Improve ECDH key derivation logic with clearer comments explaining sent vs received message handling
- Add comprehensive error logging for decryption failures and missing keys
- Refactor loadMessages function for better readability with expanded formatting
- Ensure recipient key is available before attempting message decryption to prevent silent failures
- Fix template literal syntax from escaped backticks to proper ${} notation
- Remove unnecessary comments from empty catch blocks for cleaner code
- Add emoji to initial chat greeting message for better UX
- Ensure consistent string interpolation across all API calls and JSX attributes
- Add chat keys API endpoint for storing and retrieving encrypted RSA public/private key pairs
- Create client-side crypto utilities for E2E encryption/decryption with hybrid encryption support
- Implement useChatEncryption hook for managing encryption state and key generation in chat UI
- Add chatPublicKey and chatPrivateKeyEncrypted fields to user schema for key storage
- Update chat messages API to return encrypted content with sender's public key for decryption
- Modify send message endpoint to accept pre-encrypted content from client while maintaining legacy server-side encryption
- Update chat page UI to integrate client-side encryption workflow
- Ensure private keys are encrypted client-side with user password before transmission to server
- Server cannot decrypt message content in E2E mode, providing true end-to-end encryption
- Add validation to check if cached users have valid public keys (PEM format)
- Fetch remote public keys when local cache has placeholder/invalid keys
- Update existing cached users with real public keys instead of creating duplicates
- Include public key in user profile API response for E2E encrypted chat support
- Improve error handling to reject recipients without valid encryption keys
- Ensure remote user data is properly extracted from API responses
This prevents sending encrypted messages to users with placeholder keys and ensures the chat system always has access to valid public keys for encryption operations.
- Strip leading @ symbol from recipient handle before normalization
- Replace simple split() with substring-based parsing for more robust handle@domain extraction
- Add clarifying comments explaining handle format expectations (handle@domain)
- Prevent potential issues with malformed recipient handles containing multiple @ symbols
- Ensure consistent handle normalization across local and remote recipients
- Replace pure RSA encryption with hybrid encryption scheme for better performance
- Implement AES-256-GCM for fast message encryption without size limitations
- Use RSA-OAEP for secure AES key exchange between chat participants
- Add EncryptedPayload interface to structure encrypted data (key, IV, ciphertext, auth tag)
- Update encryptMessage() to generate random AES key and IV, encrypt with AES-GCM, then wrap AES key with RSA
- Update decryptMessage() to unwrap AES key with RSA, then decrypt message with AES-GCM
- Include GCM authentication tag for message integrity verification
- Encode all binary components as base64 strings in JSON payload for transport
- Improves encryption performance while maintaining security for end-to-end swarm messaging
- Remove ActivityPub infrastructure (webfinger, nodeinfo, inbox, activities, signatures)
- Implement native peer-to-peer Swarm network with gossip protocol
- Replace federated timeline with Swarm timeline aggregating posts from all nodes
- Migrate direct messaging to end-to-end encrypted Swarm Chat system
- Update user interactions (follow, like, repost) to use Swarm protocol
- Add cryptographic key management for DID-based identity system
- Remove server-bound identity model in favor of portable DID identities
- Update documentation to reflect Swarm architecture and capabilities
- Add debug utilities and chat testing tools for Swarm network
- Refactor database schema to support distributed user directory
- Update bot framework to work with Swarm network interactions
- Simplify API routes to use Swarm protocol instead of ActivityPub
- This transition enables true peer-to-peer communication, instant interactions, and encrypted messaging while maintaining sovereign identity through DIDs
- Add Swarm Chat documentation with architecture, API endpoints, and security considerations
- Create database schema for chat conversations, messages, and typing indicators
- Implement chat API endpoints for sending, receiving, and managing messages
- Add client-side encryption utilities using RSA-OAEP with SHA-256
- Create chat page UI for viewing conversations and messages
- Add chat type definitions for TypeScript support
- Update database schema with new chat tables and relationships
- Update sidebar navigation to include chat link
- Enable true end-to-end encrypted messaging across swarm nodes without ActivityPub limitations
- Add sql import from drizzle-orm for advanced query filtering
- Exclude federated/swarm posts by checking for null apId in timeline query
- Filter out remote placeholder users by validating handle doesn't contain @ symbol
- Add clarifying comments explaining local-only post filtering logic
- Improve timeline query to return only posts from local users, preventing remote placeholder user content from appearing in feeds
- Add SQL filter to exclude users with '@' in handle from admin users endpoint
- Update search endpoint to filter remote placeholder users from results
- Modify users listing endpoint to exclude federated user handles
- Prevent remote placeholder accounts from appearing in local user lists and search results
- Move Turnstile status indicator above input fields for better visibility
- Mask secret key input with placeholder dots when already configured
- Update secret key helper text to indicate configuration status
- Enhance version API endpoint to include GitHub commit URL
- Add githubUrl field to version response for direct commit linking
- Implement emoji sizing styles for post content and compose input
- Update RightSidebar version state type to include githubUrl
- Add clickable GitHub commit link in version display when available
- Improve security by hiding sensitive Turnstile secret key values
- Create new `/api/version` endpoint to retrieve git commit count and hash information
- Simplify admin page layout by removing unnecessary nested divs and card wrapper
- Refactor moderation page tab navigation with improved button styling using btn-sm and btn-primary classes
- Consolidate padding and styling in moderation page for cleaner component structure
- Add word-break and overflow-wrap styles to report content display for better text handling
- Improve responsive design by adding minWidth: 0 to flex containers in report cards
- Streamline conditional rendering in admin settings to reduce DOM nesting depth
- Move reports, posts, and users management to new moderation page
- Simplify admin page to focus on node settings configuration only
- Remove unused types (AdminUser, AdminPost, Report) from admin page
- Remove report resolution, post actions, and user moderation handlers
- Remove tab navigation and related state management from admin page
- Update sidebar navigation to include moderation page link
- Consolidate moderation dashboard functionality into separate component
- Improve code organization by separating concerns between admin and moderation
- Add Cloudflare Turnstile integration for login and registration forms
- Create turnstile verification utility with server-side token validation
- Add turnstile_site_key and turnstile_secret_key fields to nodes table
- Implement admin panel UI for configuring Turnstile keys in settings
- Update login and register API routes to verify Turnstile tokens
- Expose turnstile_site_key via GET /api/node endpoint for frontend
- Add admin endpoint to save and update Turnstile configuration
- Create remote_likes and remote_reposts tables for federated interaction tracking
- Add swarm reply metadata fields (swarm_reply_to_id, swarm_reply_to_content, swarm_reply_to_author) to posts table
- Add comprehensive TURNSTILE_SETUP.md documentation with setup instructions and security notes
- Create database migration 0007 with schema updates and indexes
- Protects against bot registrations and automated attacks on federated nodes